Hacking Archives - Page 12 of 13

New malware backdoors VMware ESXi servers to hijack virtual machines

10/01/2022
Cyber News
Breach, C2, Exploit, Hacking, Malware, Patching

With the help of malicious vSphere Installation Bundles, the attacker could install on the bare-metal hypervisor two backdoors

1 October

New Microsoft Exchange zero-day actively exploited in attacks

09/29/2022
Cyber News
Exploit, Hacking, Patching, PrivEsc, RCE, Security, Uncategorized

The vulnerability turns out to be so critical that it allows the attacker to do RCE on the compromised system

29 September

Sophos warns of new firewall RCE bug exploited in attacks

09/24/2022
Cyber News
0day, Exploit, Hacking, Malware, Patching, PrivEsc, RCE

Tracked as CVE-2022-3236, the flaw was found in the User Portal and Webadmin of Sophos Firewall, allowing attackers to perform remote code execution (RCE)

24 September

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

09/24/2022
Cyber News
Exploit, Hacking, Patching, PrivEsc, RCE

Zoho has warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability

24 September

Unpatched 15-year old Python bug allows code execution in 350k projects

09/21/2022
Cyber News
Exploit, Hacking, Patching, PrivEsc, Python, Security, Software

Disclosed in 2007 and tagged as CVE-2007-4559, the security issue never received a patch, the only mitigation provided being a documentation update warning developers about the risk.

21 September

Microsoft 365 phishing attacks impersonate U.S. govt agencies

09/21/2022
Cyber News
Breach, Exploit, Hacking, Malware, Phishing, PrivEsc

The lure in these phishing emails is a request for bids for lucrative government projects, taking them to phishing pages that are clones of legitimate federal agency portals

21 September

VMware, Microsoft warn of widespread Chromeloader malware attacks

09/21/2022
Cyber News
Breach, C2, Exploit, Hacking, PrivEsc, Ransomware, RCE, Security

Because adware doesn't create notable damage to victims' systems, besides eating up some bandwidth, it is usually a threat that is ignored or downplayed by analysts

21 September

Emotet botnet now pushes Quantum and BlackCat ransomware

09/19/2022
Cyber News
C2, Exploit, Hacking, Malware, Phishing, PrivEsc, Ransomware

The botnet is now being used to install a Cobalt Strike beacon on infected systems as a second-stage payload

19 September

Google, Microsoft can get your passwords via web browser’s spellcheck

09/19/2022
Cyber News
Breach, Exploit, Hacking, Hardening, PrivEsc, Security, Technology

Depending on the website you visit, the form data may itself include PII—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, etc

19 September

CISA orders agencies to patch Windows, iOS bugs used in attacks

09/19/2022
Cyber News
0day, Hacking, Patching, PrivEsc, Technology

The elevation of privileges bug in the Windows Common Log File System Driver is tracked as CVE-2022-37969, enabling local attackers to gain SYSTEM privileges following successful exploitation.

19 September

Hacking Archives - Page 12 of 13 - CyberConvoy Blog